David.R.Gilson

How to have your cloud and eat it

Nov 11

How-To Guides David No Comments
alias, backup, backups, cloud, computing, curl, download, e-mail, email, flickr, forwarding, gmail, google, hotmail, scripts, upload, webmail, wget, yahoo

When cloud computing goes bad

Cloud computing is great isn’t it? We can have all our data stored somewhere on the interwebs, accessible to us from any computer or mobile phone. I’m picturing it now, a white fuzzy-bordered soft-focus video with shampoo-advert beautiful people gather around a computer smiling and laughing at work and at home. Yes, I’m being sarcastic, but cloud computing definitely has its advantages, especially given that OSX and Linux are nibbling away at Window’s desktop market share. We’re in more need than ever for cross-platform and platform agnostic software solutions.

So, what’s the catch? Well, if you exercise due diligence on which services to use, then there are not really any significant catches. But there lies the rub, I know most people won’t bother with due diligence, they’ll just sign up to that free email/calendar/documents service and give little thought to what happens when that services breaks down or (wrongly) decides you’re doing naughty things and locks you out, or even worse, disappears from the internet forever. Think about that for a moment, it could be a disaster for you.

The most important thing to ensure with any cloud computing service (e.g. email, calendar, documents, etc.) is to make sure you can get a copy of your own data. If your data only exists in the cloud, then you don’t have your data. If your cloud service ever has a catastrophic failure, goes out of business or locks you out of your account, then you loose access to all of your data. If you have a backup copy, then you’re already in a position to set up an account elsewhere and upload your data. Of course, your cloud service should do their own backups, but downloading your own copy is like having an off-site backup too.

If you use any of the Google services then you should take a look at dataliberation.org. It is a site ran by Google employees, and collects all the information you need on how to extract your data from Google’s cloud services like Gmail, Calendar and Documents, etc. If you use some other cloud service, then it’s up to you to investigate how to get a copy of your data from their servers. If you can’t, then stop using them and find someone else. Being able to manually download backups is okay, but what you really want is to automate backup downloads. This is where command line applications like wget and cURL can come in handy for running scheduled scripts. Email is no different. I recently blogged about how to set up an automated email backup. Although a reliable manual method is to set up Mozilla Thunderbird to keep offline copies of all your IMAP folders. What’s that? You don’t use IMAP? Really, get with the times, please!

Compute in the cloud with peace of mind

Talking of email, there is one extra thing you can do to protect yourself from loosing your email/webmail account. In the even that you loose access to your chosen webmail service, nobody can email you, and if you have to set up a new account you’ll have get in touch with everyone you know to share your new email address. This is an inconvenience for everyone. Therefore, the best way to protect yourself against this is to: first, never let anyone know the email address of your webmail service; and second, get yourself an email alias to redirect to your real email address. The easiest way to get an email alias is to register a domain name an set up email forwarding there. Some organisations offer email aliases as a curtosy to their members (e.g. the Institute of Physics offers user@iop.org aliases). Failing everything else, you could try out myhandle.com. Then, if your regular webmail service ever closes down, you can set up a new account and redirect your public email address to the new webmail account.

Let’s go over this again …

Cloud computing is great, so if you want to enjoy the advantages while avoiding the pitfalls, then just make sure you do the following:

1. Make sure you know how to download regular backups of your data.
2. Obtain an email alias to use as your public email address.

Password Maker

Oct 12

How-To Guides David No Comments
add-on, crack, e-mail, email, extension, firefox, free, gmail, google, hack, hotmail, maker, mobile, online, open, password, source, yahoo

Password Maker

If you were following the tech news last week, hopefully you’ll have heard about the surge in leaked and phished passwords from Gmail, Hotmail and Yahoo. CNET UK covered it twice.

This brings up the thorny issue of how to effectively manage all of your passwords. Some people have one strong password they use everywhere, others will do this but append something for each site. Other people, who frankly scare me, use simple things like “password”, “12345″, “67890″, etc.

What exactly is a strong password? The more random and unpredictable a password is, the stronger it is. In other words, predictable passwords are easy to remember, and easy to crack.

Randomly flaying your fingers at the keyboard will generate a random block of text. Although, you need to recall this random text sometimes, but how? You could keep them all in a file, but this is no good, because if someone gets that file, you’re sunk (same goes for paper records). Even if you use a password manager which keeps your passwords in an encrypted file, they’re still there in a file, which if obtained, could be decrypted by brute force.

The Password Maker Firefox add-on.

A while ago, I listened to Floss Weekly interviewing Eric Jung from the Foxy Proxy project. During the interview, his involvement with a free and open source project called Password Maker was mentioned. Password Maker works by generating a cryptographic hash of both the domain of the website you’re logging into and a master password of your choosing. Thus creating a different piece of pseudo-random text for every website you use. There are lots more settings so that you can finely tune what goes into the password, but don’t worry about those just now.

To put it simply, you never have to find or recover your passwords, because they’re never stored, they’re just generated for you when you need access to them.

The best way to use Password Maker is in the form of a Firefox add-on. However, if you’re away from home, or whatever, there is an on-line version and a mobile browser version, which you can even install on your own website, if you have one. This best security aspect of this is that your master password isn’t stored, and the hashing algorithm is already open, so there’s nothing to hack.

If any one of your site passwords are compromised, it is easy to create a new one by using a new master password. Furthermore, so that you’re not having to remember different master passwords for different sites, I would take one compromised password as an excuse to change ALL of your passwords. Changing your passwords is inconvenient when you have a lot of accounts on the web, but Password Maker makes it easier to get into the habit, especially with the Firefox add-on.

The recent news pushed me into finally doing this, although I had been putting it off due to the fear of trying to make it work with my mobile browser. Although thanks to Opera Mini 5 now supporting text selection and tabbed browsing, the mobile browser version is a viable method for advanced password management on your phone.